CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18603

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.5%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 4.3

References

https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/
https://exchange.xforce.ibmcloud.com/vulnerabilities/151867
https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/

Products affected by CVE-2018-18603

360totalsecurity » 360 Total Security » Version: 3.5.0.1033

cpe:2.3:a:360totalsecurity:360_total_security:3.5.0.1033

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18603

Products

Pricing

Contact Us